Unbound DNS returning DHCP4 host IP even with Override set

Started by Dultas, September 19, 2024, 07:46:18 AM

I'm in the process of migrating some servers to a different domain (changing from .net to .com internally). While doing this I need to stand up two instances with the same hostname but different domain names.

I have unbound registering DHCP4 Leases as well as DHCP static mappings. But I also have overrides for both host.domain.net and host.domain.com. And search domain is set to domain.net

server.domain.com was resolving to the WAN IP so I added an override for it so it would resolve to the LAN IP with no issues.

server.domain.net was resolving to the IPs of both server.domain.net (DHCP static) and server.domain.com (DHCP4 Lease). In order to try and correct this issue, since I still need to migrate data to .com, I tried adding an override for server.domain.com. However, this did not fix the issue. Even though the override only has the IP address for the .net instance, it is still returning both IPs. I have started and stopped unbound dozens of times (Flush DNS Cache during reload = true) but it still continues to resolve to both IPs. I've flushed the cache on the machine I'm checking the DNS entries from without success either.

Looking for any ideas anyone might have on getting Unbound to actually respect the override.

I'm a bit confused about your "DHCP static" and "DHCP4 Lease".... do you have static mappings for some server instances, but others getting DHCP addresses from a pool and specifying their own preferred hostname? or...?

What is your system Domain Name? (System -> Settings -> General -> Domain Name)

What is the Domain Name for the DHCP service? (Services -> ISC DHCPv4 -> [interface] -> Domain Name)

What is the Domain Name for the Static Mappings? (it's an optional setting for each one)

Figuring out why you're getting two answers for server.domain.net is probably the place to start...

I finished transitioning from .net to .com so the original issue isn't quite relevant any more. Although another instance of Overrides seemingly not having the highest priority has come up.

Quote: I'm a bit confused about your "DHCP static" and "DHCP4 Lease".... do you have static mappings for some server instances, but others getting DHCP addresses from a pool and specifying their own preferred hostname? or...?

Yes, some interfaces on Opnsense have static (internal servers: IDM, NAS, etc) but some are dynamic (laptop, guests, etc). While having DNS resolution for the laptops etc is not strictly required, it is a nice-to-have since resolving them by hostname is quicker if I need to SSH into them etc. Also I'd prefer to not have to manually add every computer / device to a static mapping.

Quote: What is your system Domain Name? (System -> Settings -> General -> Domain Name)

Now OPNsense.domain.com. Which annoyingly, even with an override, the DNS lookup results in all of the gateways being returned instead of its management IP.



Quote:
# nslookup opnsense.domain.com 192.168.40.1
Server:         192.168.40.1
Address:        192.168.40.1#53

Name:   opnsense.domain.com
Address: 192.168.100.1
Name:   opnsense.domain.com
Address: 192.168.20.1
Name:   opnsense.domain.com
Address: 192.168.40.1
Name:   opnsense.domain.com
Address: 192.168.1.1
Name:   opnsense.domain.com
Address: 192.168.1.250
Name:   opnsense.domain.com
Address: 192.168.10.1
Name:   opnsense.domain.com
Address: 192.168.30.1

Quote: What is the Domain Name for the DHCP service? (Services -> ISC DHCPv4 -> [interface] -> Domain Name)

Blank, so it uses the system default of domain.com

Quote: What is the Domain Name for the Static Mappings? (it's an optional setting for each one)

domain.com

I'm not sure why DHCP entries are trumping overrides; it seems like the override should be resolved first, but that does not seem to be the case. As for opnsense resolving to all its gateways, I was able to solve that issue. I simply unchecked the "Do not register system A/AAAA records".

While that fixed it, I would still have expected overrides to have returned first, otherwise this note on the overrides page is not correct. "Entries in this section override individual results from the forwarders. Use these for changing DNS results or for adding custom DNS records. Keep in mind that all resource record types (i.e. A, AAAA, MX, etc. records) of a specified host below are being overwritten." It is clearly not overriding ALL records, just most.
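A small check for the symptom described in this thread, added here as an example and not code from the original post or from OPNsense: it parses nslookup output in the format quoted above and reports any answers that an override should have replaced (DHCP-registered or interface addresses). The sample output is constructed to mirror the thread, and the expected-address set is an assumption for illustration.

```python
"""Check whether a name resolves only to the addresses an Unbound override
is supposed to return, by parsing nslookup output like the one quoted above."""
import re
from collections import defaultdict

# Constructed sample mirroring the forum post (not live data).
SAMPLE_NSLOOKUP = """\
Server:         192.168.40.1
Address:        192.168.40.1#53

Name:   opnsense.domain.com
Address: 192.168.100.1
Name:   opnsense.domain.com
Address: 192.168.20.1
Name:   opnsense.domain.com
Address: 192.168.40.1
"""

def parse_nslookup(text):
    """Return {name: [addresses]} from nslookup's answer section.
    The leading 'Server:' / 'Address: x#53' lines describe the resolver,
    not an answer, so addresses are ignored until the first 'Name:' line."""
    answers = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = re.match(r"^(Name|Address):\s*(\S+)$", line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Name":
            current = value.lower().rstrip(".")
        elif current is not None:
            answers[current].append(value)
    return dict(answers)

def check_override(text, name, expected):
    """Compare the resolved addresses with the override's expected set.
    Returns (ok, unexpected): ok is True only when the answer set equals
    the expected set; unexpected lists extra answers the override did not
    suppress (e.g. DHCP lease registrations or gateway addresses)."""
    got = set(parse_nslookup(text).get(name.lower().rstrip("."), []))
    unexpected = sorted(got - set(expected))
    return (got == set(expected), unexpected)

if __name__ == "__main__":
    # Assumed override: opnsense.domain.com should only return 192.168.40.1.
    ok, extra = check_override(SAMPLE_NSLOOKUP, "opnsense.domain.com", {"192.168.40.1"})
    print("override respected" if ok else f"extra answers returned: {extra}")
```

Run it against real output by piping `nslookup <name> <resolver>` into the parser; a non-empty extra list is the signal that another data source (DHCP registration, system A/AAAA records) is still feeding answers for that name.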